Attacker Value
Unknown
(0 users assessed)
Exploitability
Unknown
(0 users assessed)
User Interaction
Unknown
Privileges Required
Unknown
Attack Vector
Unknown
0

CVE-2006-7228

Disclosure Date: November 14, 2007
CVE-2006-7228
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

Integer overflow in Perl-Compatible Regular Expression (PCRE) library before 6.7 might allow context-dependent attackers to execute arbitrary code via a regular expression that involves large (1) min, (2) max, or (3) duplength values that cause an incorrect length calculation and trigger a buffer overflow, a different vulnerability than CVE-2006-7227. NOTE: this issue was originally subsumed by CVE-2006-7224, but that CVE has been REJECTED and split.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

General Information

Offensive Application
Unknown
Utility Class
Unknown
Ports
Unknown
OS
Unknown
Vulnerable Versions
n/a
Prerequisites
Unknown
Discovered By
Unknown
PoC Author
Unknown
Metasploit Module
Unknown
Reporter
Unknown

References

Canonical
CVE-2006-7228 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7228)
BID-26462 (http://www.securityfocus.com/bid/26462)
Advisory
SECUNIA-30219 (http://secunia.com/advisories/30219)
SECUNIA-27776 (http://secunia.com/advisories/27776)
GLSA-200711-30 (http://security.gentoo.org/glsa/glsa-200711-30.xml)
[Security-announce] 20080221 VMSA-2008-0003 Moderate: Updated aacraid driver and samba and python service console updates (http://lists.vmware.com/pipermail/security-announce/2008/000005.html)
SECUNIA-28050 (http://secunia.com/advisories/28050)
http://www.mandriva.com/security/advisories?name=MDVSA-2008:030
http://www.redhat.com/support/errata/RHSA-2008-0546.html
DSA-1570 (http://www.debian.org/security/2008/dsa-1570)
http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00006.html
SECUNIA-28658 (http://secunia.com/advisories/28658)
SECUNIA-27773 (http://secunia.com/advisories/27773)
SECUNIA-28406 (http://secunia.com/advisories/28406)
20080416 VMSA-2008-0007 Moderate Updated Service Console packages pcre, net-snmp, and OpenPegasus (http://www.securityfocus.com/archive/1/490917/100/0/threaded)
SECUNIA-29032 (http://secunia.com/advisories/29032)
http://www.redhat.com/support/errata/RHSA-2007-1065.html
SECUNIA-31124 (http://secunia.com/advisories/31124)
SECUNIA-29085 (http://secunia.com/advisories/29085)
http://support.avaya.com/elmodocs2/security/ASA-2007-505.htm
http://www.redhat.com/support/errata/RHSA-2007-1077.html
20080221 VMSA-2008-0003 Moderate: Updated aacraid driver and samba and python service console updates (http://www.securityfocus.com/archive/1/488457/100/0/threaded)
SECUNIA-29785 (http://secunia.com/advisories/29785)
http://www.redhat.com/support/errata/RHSA-2007-1076.html
http://www.redhat.com/support/errata/RHSA-2007-1068.html
ADV-2008-0637 (http://www.vupen.com/english/advisories/2008/0637)
GLSA-200805-11 (http://security.gentoo.org/glsa/glsa-200805-11.xml)
http://www.redhat.com/support/errata/RHSA-2007-1059.html
ADV-2008-1234 (http://www.vupen.com/english/advisories/2008/1234/references)
SECUNIA-28041 (http://secunia.com/advisories/28041)
GLSA-200802-10 (http://security.gentoo.org/glsa/glsa-200802-10.xml)
SECUNIA-28027 (http://secunia.com/advisories/28027)
SECUNIA-27741 (http://secunia.com/advisories/27741)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10810
http://www.mandriva.com/security/advisories?name=MDVSA-2008:012
http://www.novell.com/linux/security/advisories/2007_62_pcre.html
http://www.pcre.org/changelog.txt
SECUNIA-30155 (http://secunia.com/advisories/30155)
http://www.redhat.com/support/errata/RHSA-2007-1063.html
SECUNIA-28720 (http://secunia.com/advisories/28720)
GLSA-200801-02 (http://security.gentoo.org/glsa/glsa-200801-02.xml)
SECUNIA-27582 (http://secunia.com/advisories/27582)
[Security-announce] 20080415 VMSA-2008-0007 Moderate Updated Service Console packages pcre, net-snmp, and OpenPegasus (http://lists.vmware.com/pipermail/security-announce/2008/000014.html)
GLSA-200801-19 (http://security.gentoo.org/glsa/glsa-200801-19.xml)
GLSA-200801-18 (http://security.gentoo.org/glsa/glsa-200801-18.xml)
SECUNIA-28414 (http://secunia.com/advisories/28414)
SECUNIA-30106 (http://secunia.com/advisories/30106)
SECUNIA-28714 (http://secunia.com/advisories/28714)
Miscellaneous
https://bugzilla.redhat.com/show_bug.cgi?id=383371
http://bugs.gentoo.org/show_bug.cgi?id=198976
http://scary.beasts.org/security/CESA-2007-006.html
https://access.redhat.com/errata/RHSA-2007:1059
https://access.redhat.com/errata/RHSA-2007:1063
https://access.redhat.com/errata/RHSA-2007:1065
https://access.redhat.com/errata/RHSA-2007:1068
https://access.redhat.com/errata/RHSA-2007:1076
https://access.redhat.com/errata/RHSA-2007:1077
https://access.redhat.com/errata/RHSA-2008:0546
https://access.redhat.com/security/cve/CVE-2006-7228

Additional Info

Authenticated
Unknown
Exploitable
Unknown
Reliability
Unknown
Stability
Unknown
Available Mitigations
Unknown
Shelf Life
Unknown
Userbase/Installbase
Unknown
Patch Effectiveness
Unknown
Technical Analysis